New Guess-and-Determine Attack on the Self-Shrinking Generator

  • Bin Zhang
  • Dengguo Feng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)


We propose a new type of guess-and-determine attack on the self-shrinking generator (SSG). The inherent flexibility of the new attack enables us to deal with different attack conditions and requirements smoothly. For the SSG with a length L LFSR of arbitrary form, our attack can reliably restore the initial state with time complexity O(20.556 L), memory complexity O(L 2) from O(20.161L)-bit keystream for L≥100 and time complexity O(20.571 L), memory complexity O(L 2) from O(20.194 L)-bit keystream for L< 100. Therefore, our attack is better than all the previously known attacks on the SSG and especially, it compares favorably with the time/memory/data tradeoff attack which typically has time complexity O(20.5 L), memory complexity O(20.5 L) and data complexity O(20.25 L)-bit keystream after a pre-computation phase of complexity O(20.75 L). It is well-known that one of the open research problems in stream ciphers specified by the European STORK (Strategic Roadmap for Crypto) project is to find an attack on the self-shrinking generator with complexity lower than that of a generic time/memory/data tradeoff attack. Our result is the best answer to this problem known so far.


Stream cipher Self-shrinking Guess-and-determine Linear feedback shift register (LFSR) 


  1. 1.
    Armknecht, F., Krause, M.: Algebraic Attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Armknecht, F.: Improving Fast Algebraic Attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 65–82. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Shamir, A.: Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Canteaut, A., Trabbia, M.: Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Chose, P., Joux, A., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Blackburn, S.R.: The linear complexity of the self-shrinking generator. IEEE Transactions on Information Theory 45(6), 2073–2077 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Coppersmith, D., Krawczyk, H., Mansour, Y.: The Shrinking Generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Courtois, N.T.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.T., Meier, W.: Algebraic Attacks on Stream ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Ekdahl, P., Johansson, T., Meier, W.: A note on the self-shrinking generator. In: Proceeding of IEEE symposium on Information Theory, p. 166 (2003)Google Scholar
  11. 11.
    Golić, J.D., O’Connor, L.: Embedding and probabilistic correlation attacks on clock-controlled shift registers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 230–243. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  12. 12.
    Golić, J.D.: Correlation analysis of the shrinking Generator. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 440–457. Springer, Heidelberg (2001)Google Scholar
  13. 13.
    Golomb, S.W.: Shift Register Sequences, Revised edition. Aegean Park Press, Laguna Hills (1982)Google Scholar
  14. 14.
    Johansson, T.: Reduced complexity correlation attacks on two clock-controlled generators. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 342–356. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Johansson, T., Jönsson, F.: Improved fast correlation attacks on stream ciphers via convolutional codes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 347–362. Springer, Heidelberg (1999)Google Scholar
  16. 16.
    Johansson, T., Jönsson, F.: Fast correlation attacks through reconstruction of linear polynomials. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 300–315. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Krause, M., Stegemann, D.: Reducing the Space Complexity of BDD-Based Attacks on Keystream Generators. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 163–178. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Krause, M.: BDD-based cryptanalysis of keystream generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 222–237. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Krawczyk, H.: The shrinking generator: Some practical considerations. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 45–46. Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  21. 21.
    Massey, J.L.: Shift register synthesis and BCH decoding. IEEE Transactions on Information Theory 15, 122–127 (1969)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Meier, W., Staffelbach, O.: The Self-Shrinking generator. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 205–214. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  23. 23.
    Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1, 159–176 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Mihaljević, M.J., Fossorier, M.P.C., Imai, H.: Fast correlation attack algorithm with list decoding and an application. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 196–210. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  25. 25.
    Mihaljević, M.J., Fossorier, M.P.C., Imai, H.: A low-complexity and high-performance algorithm for the fast correlation attack. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 196–212. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Mihaljević, M.J.: A faster cryptanalysis of the self-shrinking generator. In: Pieprzyk, J.P., Seberry, J. (eds.) ACISP 1996. LNCS, vol. 1172, pp. 147–158. Springer, Heidelberg (1998)Google Scholar
  27. 27.
    Simpson, L.R., Golić, J.D., Dawson, E.: A probabilistic correlation attack on the shrinking generator. In: Boyd, C., Dawson, E. (eds.) ACISP 1998. LNCS, vol. 1438, pp. 147–189. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Shparlinski, I.: On some properties of the shrinking generator,
  29. 29.
  30. 30.
    Wan, Z.: Geometry of Classical Groups over Finite Fields, 2nd edn. Science Press, New York (2002)Google Scholar
  31. 31.
    Zenner, E., Krause, M., Lucks, S.: Improved Cryptanalysis of the Self-Shrinking Generator. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 21–35. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  32. 32.
    Zeng, K., Yang, C., Rao, T.: On the linear consistency test (LCT) in cryptanalysis with applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 164–174. Springer, Heidelberg (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Bin Zhang
    • 1
  • Dengguo Feng
    • 1
  1. 1.Chinese Academy of SciencesState Key Laboratory of Information Security, Institute of SoftwareBeijingP.R. China

Personalised recommendations